VYPR

Vendor CVEs

1panel Dev

All CVEs

55 total · sorted by risk
  • CVE-2023-37916Jul 21, 2023
    risk 0.00cvss epss 0.01

    KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in…

  • CVE-2023-37917Jul 21, 2023
    risk 0.00cvss epss 0.01

    KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version…

  • CVE-2023-37477Jul 18, 2023
    risk 0.00cvss epss 0.05

    1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP…

  • CVE-2023-36457Jul 5, 2023
    risk 0.00cvss epss 0.02

    1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.

  • CVE-2023-36458Jul 5, 2023
    risk 0.00cvss epss 0.02

    1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

Page 2 of 2